Lecture 34 Privacy & Security

Lecture # 34
Privacy and Security
Privacy and Security
• Passwords
• Spam
• Scams
• Viruses and Worms (Malware)
• Intellectual Property and Copyright
• Cookies
• Encryption
• Back-Ups
Passwords
• Password Break-ins: Try all possible strings in
lexicographic order (but software usually
limits the # of times)
• Passwords are scrambled/encrypted, so if you
forget, you have to reset
• Use a phrase vs. word
• Make it personal and use characters like
@, $, # …
• Change and recycle passwords for security
Spam
• Unsolicited Email (but check, maybe you did solicit it)
• Spam Filters:
- Don’t “understand” messages
- Trainable: Mark undesirable email as Spam/Junk.
- Use heuristics based on message characteristics
“Bag of Words” techniques (like image search)
- Compute Spam “Score”: If greater than some threshold, quarantine the message
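The trainable bag-of-words scoring described on this slide, as an added example that is not part of the original lecture. The training messages are constructed, and the function names, the smoothing and the threshold value are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

# Constructed training mail, labelled the way a user marks Spam/Junk.
SPAM = ["win money now claim your prize",
        "urgent verify your bank account password now",
        "cheap pills win big money"]
HAM = ["lecture notes for monday are posted",
       "can we meet after class to review the project",
       "your library account statement for the project"]

THRESHOLD = 1.0  # assumed cut-off; a real filter tunes this on held-out mail


def words(text):
    """Lower-case the message and split it into a bag of words."""
    return re.findall(r"[a-z']+", text.lower())


def train(spam, ham):
    """Count in how many spam and non-spam messages each word appears."""
    s = Counter(w for m in spam for w in set(words(m)))
    h = Counter(w for m in ham for w in set(words(m)))
    return s, h, len(spam), len(ham)


def spam_score(text, model):
    """Sum per-word log-odds; word order and meaning are ignored."""
    s, h, ns, nh = model
    score = 0.0
    for w in sorted(set(words(text))):
        if w not in s and w not in h:
            continue  # a word never seen in training carries no evidence
        p_spam = (s[w] + 1) / (ns + 2)  # Laplace smoothing avoids log(0)
        p_ham = (h[w] + 1) / (nh + 2)
        score += math.log(p_spam / p_ham)
    return score


def quarantine(text, model, threshold=THRESHOLD):
    """Quarantine the message when its score exceeds the threshold."""
    return spam_score(text, model) > threshold
```

Because the score depends only on which words occur, the same words in a different order score identically, which is the sense in which the filter does not “understand” the message.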
Scams
• Scam Spam: Attempts to Defraud
- Identity Theft
- Access your accounts (bank, computer)
- The “Nigerian Widow” – play on sympathy
“Need your money to secure a ‘deal.’”
• Phishing: Attempts to capture personal info, looks
authentic
- SSN, Bank account #, password, etc.
“In order to continue service we need …”
Scam Spam Example
• Phishing and Spoofing use bogus links, log-ins
• Reputable companies never ask for sensitive info by email
• Don’t click on links if you suspect phishing
Viruses and Worms (Malware)
• Virus: A program, V, that “infects” another program,
P, by embedding a copy of itself in P. Running
infected P allows V to make copies of itself and infect
(and possibly damage) other programs as well
Example: A Trojan virus may hide itself in other
programs, recording keystrokes, passwords, etc.
• Worm: A program that makes copies of itself,
“tunneling” across the network
Viruses and Worms (Malware)
• Do not click on attachments or links without verifying they are
from a trusted source. Even then be cautious: Friends may
unwittingly pass along Malware
• Be especially cautious of .exe files. Is there a reason why
someone is emailing you an .exe file?
• Malware can then send email and attachments to those in
your address book
• “Bots” = Malware programs that pretend to be humans: they
visit Facebook, etc., and post notes and URLs to “update software” that is actually Malware
• Install and use up-to-date anti-virus software
(Some Malware says “You have a virus, click here, and
download this anti-virus software” and then … Shazam!)
Intellectual Property and Copyright
• Intellectual Property: Any human creation (photos, music,
books, artwork, computer programs, etc.)
• You automatically own the copyright of what you create in
the U.S. and most other nations. That copy-”right” includes:
- making a copy of the work
- using it as a spring-board for other work
- publishing or distributing it, physically or electronically
- performing or displaying the work
• If you don’t own the copyright you are free to:
- view, read or listen to it (if it’s in the public domain)
- use for educational purposes: limited quoting, review
- access it for “Fair Use” (What use? How used? How much
will be used? Market effect?) – Consult an expert.
Privacy and Property
• Do you own the work, information, images, music, phone
number lists, etc?
• If you are in business, do you have the right to use
customer information (names, addresses, phone numbers,
personal info, etc) for anything beyond the transaction?
(i.e., re-using or remarketing a customer’s personal info
usually requires the customer’s approval.)
• U.S. and Europe have laws to protect privacy.
China does not.
• You are responsible for maintaining and securing the
privacy of information for which you are responsible.
The government has no obligation to do this for you.
Cookies
• Cookie: A record with multiple fields, stored on the client’s
computer, that uniquely identifies a client’s session on a
website.
• The server can ask to see your Cookie when you go to
that website. This can tell them you are the same user
from page to page as you browse the web.
• You can
- turn off cookies altogether
- require the server to ask each time it wants to see your
cookie
- accept all cookies
Encryption
• Encryption: encodes data so that it is not readable or
recognizable without a “key”
• Used to safely pass sensitive information over the internet
and/or through email
• Use Encryption algorithms and keys that are hard to break
• Decryption: Reverses the Encryption
Encryption Example
• Pass the secret message/info “Hi” using an XOR “key”
• In ASCII
“Hi” = 72 105 = 1 0 0 1 0 0 0   1 1 0 1 0 0 1
• Encryption Key: 1 1 0 1 1 0 1   0 0 1 1 0 1 0
• Encrypted Message: 0 1 0 0 1 0 1   1 1 1 0 0 1 1 = % s
• XOR (two rows of input bits, then the result):
0 0 1 1
0 1 0 1
0 1 1 0
Encryption
• The “key” is to have the Encryption key
1 1 0 1 1 0 1 0 0 1 1 0 1 0
held privately on each computer
– never passed over the internet – or if it is, encoded in some way
• To break the code, you must have the key
• The stronger the key, the better the Encryption
• Many possibilities/algorithms for encrypting (not just XOR)
• Public-key algorithms rely on large prime numbers
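The slide's 7-bit XOR example worked through in code, as an added example that is not part of the original lecture. It goes one step beyond the slide to show why the key must stay private and must not be reused: anyone holding a plaintext and its ciphertext can compute the key, and two messages under the same key leak the XOR of their plaintexts. Function names and the second message “No” are assumptions.

```python
# The slide's 14-bit key, split into two 7-bit blocks.
KEY = [0b1101101, 0b0011010]


def to_bits(text):
    """Render each character as a 7-bit ASCII pattern, as on the slide."""
    return " ".join(format(ord(c), "07b") for c in text)


def xor_crypt(text, key):
    """XOR each character with the matching key block (key repeats if short).

    XOR is its own inverse, so the same call encrypts and decrypts.
    """
    return "".join(chr(ord(c) ^ key[i % len(key)]) for i, c in enumerate(text))


def recover_key(plaintext, ciphertext):
    """Plaintext XOR ciphertext yields the key blocks directly."""
    return [ord(p) ^ ord(c) for p, c in zip(plaintext, ciphertext)]


def xor_texts(a, b):
    """Character-wise XOR of two equal-length strings."""
    return [ord(x) ^ ord(y) for x, y in zip(a, b)]


if __name__ == "__main__":
    c1 = xor_crypt("Hi", KEY)
    print(to_bits("Hi"), "->", to_bits(c1), "=", c1)
    print("decrypted:", xor_crypt(c1, KEY))

    # Known plaintext exposes the key, so the key must never be sent in
    # the clear and the plaintext must not be guessable.
    print("recovered key:", [format(k, "07b") for k in recover_key("Hi", c1)])

    # Constructed second message under the same key: the key cancels out.
    c2 = xor_crypt("No", KEY)
    print("leak:", xor_texts(c1, c2) == xor_texts("Hi", "No"))
```

This is the reason real systems use vetted ciphers with long, fresh keys rather than a short repeating XOR key.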
Back-Ups
• Lots of redundancy (multiple copies) is a big key
• Do automatically – daily, to keep changes – or whatever the
cycle is that defines what you cannot afford to lose
• Can set up a script or batch file to do this automatically
• Date Back-ups. Restore most recent one first.
• Keep in separate locations (fire, floods, etc.)
(Give copies of precious information – photos, journals, etc.
to other family members)